
Saving encryption keys in one-time programmable memory   



Abstract: Described embodiments provide encryption/decryption of data transferred between a media controller and a storage device. The media controller provides encryption/decryption based on a root key (RK). Storage in a one-time programmable (OTP) memory is provided as a plurality of un-burned slots. The OTP memory is initially provided without the RK, which is generated with a random number generator. A control module performs the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK. If the control module validates the burned RK, the burned RK is employed by the media controller. Otherwise, one or more subsequent slots of the OTP memory are burned with the RK until the control module validates the corresponding burned RK. ...

Agent: LSI Corporation
Inventor: Jeffrey L. Williams
USPTO Application #: 20110087898 - Class: 713193 (USPTO) - 04/14/11 - Class 713



The Patent Description & Claims data below is from USPTO Patent Application 20110087898, Saving encryption keys in one-time programmable memory.


CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of the filing date of U.S. provisional application Nos. 61/250,055 filed Oct. 9, 2009, 61/250,047 filed Oct. 9, 2009, and 61/265,109 filed Nov. 30, 2009, the teachings of which are incorporated herein in their entireties by reference.

The subject matter of this application is related to U.S. patent application Ser. Nos. 12/436,227 filed May 6, 2009, 12/475,710 filed Jun. 1, 2009, 12/475,716 filed Jun. 1, 2009, 12/477,996 filed Jun. 4, 2009, 12/478,013 filed Jun. 4, 2009, 12/508,879 filed Jul. 24, 2009, 12/508,915 filed Jul. 24, 2009, 12/643,471 filed Dec. 21, 2009, 12/649,490 filed Dec. 30, 2009, 12/722,828 filed Mar. 12, 2010, 12/730,627 filed Mar. 24, 2010, 12/731,631 filed Mar. 25, 2010 and XX/XXX,XXX (300.182) filed XX XX, XXXX, the teachings of all of which are incorporated herein in their entireties by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to storage devices, and, in particular, to prevention of unauthorized access to data stored on the storage device with interlocking plaintext passwords for data encryption keys.

2. Description of the Related Art

Flash memory is a type of non-volatile memory that is electrically erasable and re-programmable. Flash memory is primarily used in memory cards and USB flash drives for general storage and transfer of data between computers and other digital products. Flash memory is a specific type of electrically erasable programmable read-only memory (EEPROM) that is programmed and erased in large blocks. One commonly employed type of flash memory technology is NAND flash memory. NAND flash memory forms the core of the flash memory available today, especially for removable universal serial bus (USB) storage devices known as USB flash drives, as well as most memory cards. NAND flash memory exhibits fast erase and write times, requires small chip area per cell, and has high endurance. However, the I/O interface of NAND flash memory does not provide full address and data bus capability and, thus, generally does not allow random access to memory locations.

There are three basic operations for NAND devices: read, write and erase. The read and write operations are performed on a page by page basis. Page sizes are generally 2^N bytes, where N is an integer, with typical page sizes of, for example, 2,048 bytes (2 kb), 4,096 bytes (4 kb), 8,192 bytes (8 kb) or more per page. Pages are typically arranged in blocks, and an erase operation is performed on a block by block basis. Typical block sizes are, for example, 64 or 128 pages per block. Pages must be written sequentially, usually from a low address to a high address. Lower addresses cannot be rewritten until the block is erased.

A hard disk is addressed linearly by logical block address (LBA). A hard disk write operation provides new data to be written to a given LBA. Old data is over-written by new data at the same physical LBA. NAND flash memories are accessed analogously to block devices, such as hard disks. NAND devices address memory linearly by page number. However, each page might generally be written only once since a NAND device requires that a block of data be erased before new data is written to the block. Thus, for a NAND device to write new data to a given LBA, the new data is written to an erased page that is a different physical page than the page previously used for that LBA. Therefore, NAND devices require device driver software, or a separate media controller chip with firmware, to maintain a record of mappings of each LBA to the current page number where its data is stored. This record mapping is typically managed by a flash translation layer (FTL) in software/firmware that might generate a logical-to-physical translation table. The flash translation layer corresponds to the media layer of software and/or firmware controlling a hard disk drive (HDD).

Since a storage device, such as a solid state disk (SSD) or HDD, might be used to store sensitive or private data, a typical media controller chip might employ data encryption to encrypt data on all or part of the storage media. For example, a media controller chip might implement a self-encrypting storage device, such as an SSD or HDD, which locks data, locks the drive, erases data completely, and safely stores security credentials. Such a chip might further be optionally employed in combination with a Trusted Platform Module (TPM) security chip found on many enterprise systems. The media controller might also interact with other security measures, such as smart cards or biometric verification.

The Trusted Computing Group (TCG) is an organization that has published standards for Storage Devices and Storage Interfaces generally, and for Security Subsystem Classes (SSCs) specifically, which define the minimum capabilities of a storage device in a specific “class”. For example, TCG Core Architecture Specification, Version 2.0, (2009) and TCG Storage Interface Interactions Specification, Version 1.0 (2009), define a comprehensive architecture of storage devices and storage device commands, respectively. Further, TCG Storage SSC: Enterprise, Version 1.0, (2009) (hereinafter “TCG Enterprise Specification”), defines security requirements and commands for enterprise storage systems. Similarly, TCG Storage SSC: Opal, Version 1.0, (2009) (hereinafter “TCG Opal Specification”), defines security requirements and commands for consumer storage systems. These documents are referred to herein collectively as “the TCG Specifications”. Devices operating in accordance with the TCG Specifications might employ encryption methodologies such as described in Specification for the Advanced Encryption Standard (AES), Federal Information Processing Standard (FIPS) Publication 197, (2001) and Specification for the Secure Hash Standard (SHS), FIPS Publication 180-3 (2008), both published by the National Institute of Standards and Technology (NIST). In any data encryption scheme, for both enterprise and consumer systems, key storage and management are important security issues, as gaining access to the one or more security keys might allow access to data stored on the storage device.

SUMMARY OF THE INVENTION

This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.

Described embodiments provide encryption/decryption of data transferred between a media controller and a storage device. The media controller provides encryption/decryption based on a root key (RK). Storage in a one-time programmable (OTP) memory is provided as a plurality of un-burned slots. The OTP memory is initially provided without the RK, which is generated with a random number generator. A control module performs the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK. If the control module validates the burned RK, the burned RK is employed by the media controller. Otherwise, one or more subsequent slots of the OTP memory are burned with the RK until the control module validates the corresponding burned RK.

BRIEF DESCRIPTION OF THE DRAWINGS

Other aspects, features, and advantages of the present invention will become more fully apparent from the following detailed description, the appended claims, and the accompanying drawings in which like reference numerals identify similar or identical elements.

FIG. 1 shows a block diagram of a memory storage system implementing plain text password interlocking with data encryption keys in accordance with exemplary embodiments of the present invention;

FIG. 2 shows an exemplary functional block diagram of sub-modules employed by the memory storage system of FIG. 1;

FIG. 3 shows an exemplary block diagram of the host subsystem of FIG. 2, in accordance with embodiments of the present invention;

FIG. 4 shows an exemplary block diagram of the encryption datapath of FIG. 3, in accordance with embodiments of the present invention;

FIG. 5 shows an exemplary block diagram of the access control system of FIG. 4, in accordance with embodiments of the present invention;

FIG. 6 shows an exemplary block diagram of an enterprise data security engine, in accordance with embodiments of the present invention;

FIG. 7 shows an exemplary block diagram of a consumer data security engine, in accordance with embodiments of the present invention;

FIG. 8 shows an exemplary block diagram of a locking architecture, in accordance with embodiments of the present invention;

FIG. 9 shows a flow diagram of a process for initializing a data security engine, in accordance with embodiments of the present invention;

FIG. 10 shows a flow diagram of a process for storing a root key to a one-time programmable memory, in accordance with embodiments of the present invention; and

FIG. 11 shows a flow diagram of a process for authenticating a plaintext password, in accordance with embodiments of the present invention.

DETAILED DESCRIPTION

In accordance with embodiments of the present invention, a media controller for a storage device provides for burning a root key and corresponding checksum to a slot in a one-time programmable (OTP) memory. The root key generally might be programmed at the manufacture time of the storage device, rather than at the manufacture time of the media controller System-on-Chip (SoC). Embodiments of the present invention might also employ the root key and checksum burning as a test of the media controller SoC to detect failed devices (e.g., devices having OTP memory failures).
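The burn-and-validate loop from the Summary, together with the checksum mentioned in the paragraph above, shown as an added C example that is not taken from the patent text. It runs against a simulated OTP array in which a burn can only set bits. The slot count, key length, CRC-8 checksum, fault mask and blank-slot check are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN   32             /* assumed root-key size in bytes */
#define NUM_SLOTS 4              /* assumed number of OTP slots */
#define SLOT_LEN  (KEY_LEN + 1)  /* root key followed by one checksum byte */
/* Simulated OTP: un-burned cells read 0 and a burn can only set bits. */
static uint8_t otp[NUM_SLOTS][SLOT_LEN];
/* Demo fault injection: bits set in this mask never burn in that slot. */
static uint8_t otp_fault[NUM_SLOTS];

/* Placeholder checksum (CRC-8, polynomial 0x07); the page names none. */
static uint8_t crc8(const uint8_t *p, size_t n) {
    uint8_t c = 0;
    while (n--) {
        c ^= *p++;
        for (int i = 0; i < 8; i++)
            c = (uint8_t)((c & 0x80) ? (c << 1) ^ 0x07 : c << 1);
    }
    return c;
}

static int slot_is_blank(int s) {
    uint8_t any = 0;
    for (int i = 0; i < SLOT_LEN; i++) any |= otp[s][i];
    return any == 0;
}

/* Burn RK plus checksum slot by slot until the read-back equals what was
 * written. Returns the validated slot index, or -1 if no slot validates. */
int provision_root_key(const uint8_t rk[KEY_LEN]) {
    uint8_t img[SLOT_LEN];
    memcpy(img, rk, KEY_LEN);
    img[KEY_LEN] = crc8(rk, KEY_LEN);
    for (int s = 0; s < NUM_SLOTS; s++) {
        if (!slot_is_blank(s)) continue;          /* never burn over residue */
        for (int i = 0; i < SLOT_LEN; i++)        /* set-only burn */
            otp[s][i] |= img[i] & (uint8_t)~otp_fault[s];
        if (memcmp(otp[s], img, SLOT_LEN) == 0) return s;   /* bRK == RK */
    }
    return -1;                                    /* treat the part as failed */
}

int main(void) {
    uint8_t rk[KEY_LEN];                          /* constructed sample key */
    for (int i = 0; i < KEY_LEN; i++) rk[i] = (uint8_t)(0xA5 ^ (i * 7));
    otp_fault[0] = 0x01;                          /* slot 0: bit 0 is stuck */
    printf("root key validated in slot %d\n", provision_root_key(rk));
}
```

A return value of -1 corresponds to the use of key burning as a device test: a part on which no slot validates has failed OTP memory.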

Table 1 defines a list of acronyms employed throughout this specification as an aid to understanding the described embodiments of the present invention:

TABLE 1

HDD    Hard Disk Drive                          DIF    Data Integrity Field
SSD    Solid State Disk                         PWT    Pending Write Table
API    Application Programming Interface        ACS    Access Control System
SATA   Serial Advanced Technology Attachment    DSE    Data Security Engine
SCSI   Small Computer System Interface          MBR    Master Boot Record
SAS    Serial Attached SCSI                     TCG    Trusted Computing Group
SoC    System-on-Chip                           SSC    Security Subsystem Classes
LLD    Low Level Driver                         FIPS   Federal Information Processing Standard
LBA    Logical Block Address                    PRNG   Pseudo Random Number Generator
BAM    Buffer Allocation Module                 TRNG   Truly Random Number Generator
DMA    Direct Memory Access                     AES    Advanced Encryption Standard
RX     Receive                                  ECB    Electronic Code Book
TX     Transmit                                 CBC    Cipher Block Chaining
I/O    Input/Output                             SHA    Secure Hash Algorithm
FIFO   First-In, First-Out                      PAK    Password Authentication Key
AHB    AMBA High-performance Bus                DK     Data Key
CTS    Cipher Text Stealing                     eDK    encrypted Data Key
OTP    One-Time Programmable                    AHK    Authentication Hash Key
SP     Security Provider                        hPAK   hashed Password Authentication Key
FDE    Full Disk Encryption                     IV     Initialization Vector
